This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM update 9.410-6 released


Up2Date 9.410006 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-534]: [AWS] Template update notification
Fix [NUTM-6178]: [AWS] pg_xlog directory filling up on AWS deployments
Fix [NUTM-6186]: [AWS] Make all UTM logs available in AWS CloudWatch
Fix [NUTM-6224]: [AWS] awslogs daemon init script: restart broken
Fix [NUTM-6296]: [AWS] REST API doesn't work in cluster mode
Fix [NUTM-6402]: [AWS] [RESTD] Session is not closed after token is deleted
Fix [NUTM-5846]: [Access & Identity] IPsec Remote Access use the IP address instead of the username in the log
Fix [NUTM-6174]: [Access & Identity] [RED] mobile_network config part not pushed to prov
Fix [NUTM-6218]: [Access & Identity] HTML5 VPN: Comma not working on Portuguese (Brazil) keyboard
Fix [NUTM-6374]: [Access & Identity] REDs with static WAN config are offline after update to v9.409
Fix [NUTM-6375]: [Access & Identity] Cisco VPN with iOS doesn't work after update to 9.409
Fix [NUTM-3152]: [Basesystem] libxml2 security update (CVE-2013-2877)
Fix [NUTM-5158]: [Basesystem] glibc security update
Fix [NUTM-5726]: [Basesystem] Follow up NUTM-5403 - Sometimes slave stuck in syncing indefinitely after failover
Fix [NUTM-5800]: [Basesystem] curl security update
Fix [NUTM-6127]: [Confd] Expired license loaded after reboot even if the valid license was imported already
Fix [NUTM-6396]: [Confd] Character ">" or "<" for password will change to "&lt;"
Fix [NUTM-5447]: [Documentation] Japanese description has the wrong vocabulary of black list at "Sender Blacklist" in user portal
Fix [NUTM-3515]: [Email] [SPX] Using 'ß' and ',' as windows-1252 in form breaks utf-8 conversion
Fix [NUTM-4932]: [Email] Password protected file passes SMTP proxy
Fix [NUTM-6196]: [Email] E-Mail with Sandstorm supported and unsupported files will be moved into quarantine
Fix [NUTM-6256]: [Email] SPX inserts Backslashes into nicename of receipient address
Fix [NUTM-5656]: [Endpoint, Web] Sandstorm feature does not work if SEC managed endpoints with Full Web Control are used
Fix [NUTM-5756]: [Network] Remove empty log lines coming from the firewall subsystem
Fix [NUTM-6202]: [SUM] After update to v9.358 the "guid" was recreated
Fix [NUTM-5717]: [Sandboxd] Respect "file OK" error responses from get/score for SB Proxy API 1.2
Fix [NUTM-6165]: [WAF] Additional cookie from WAF is added without HttpOnly detail
Fix [NUTM-6356]: [WebAdmin] AD User Test fails after first creation of an authentication server
Fix [NUTM-4118]: [Web] Still coredumps from httpproxy since installation of rpms from NUTM-3119
Fix [NUTM-5399]: [Web] httpproxy[xxxx]: segfault at 4 ip 00000000080c2113 sp 00000000ea8aee90 error 6 in httpproxy
Fix [NUTM-5561]: [Web] URL category name "Potiental Unwanted Programs" spelling mistake
Fix [NUTM-5663]: [Web] HTTP proxy restarted with core dumps in 9.407
Fix [NUTM-5834]: [Web] 'Force caching for Sophos Endpoint updates' doesn't seem to force caching
Fix [NUTM-5956]: [Web] UTM breaks auto-update on SAV for Mac
Fix [NUTM-6310]: [Web] Corrected ownership and permission of sandboxd db files
Fix [NUTM-5366]: [WiFi] Wireless Protection Manager doesn't have sufficient rights to edit time definitions
Fix [NUTM-5567]: [WiFi] APs remain inactive after being accepted on UTM
Fix [NUTM-6125]: [WiFi] Customized login page displays invalid characters

RPM packages contained:
glibc-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
glibc-locale-2.11.3-17.102.1.1569.g1acae51.rb6.i686.rpm
libcurl4-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
libsaviglue-9.40-6.g75ae555.rb5.i686.rpm
libsensors4-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
libxml2-2.7.6-0.50.1.1568.g1acae51.rb9.i686.rpm
cm-nextgen-agent-9.40-13.g5e13e9f.rb4.i686.rpm
curl-7.19.7-1.64.1.1569.g5d136b5.rb10.i686.rpm
firmwares-bamboo-9400-0.247933954.g233cdf1.rb5.i586.rpm
freerdp-1.0.2-6.g0ecd430.rb6.i686.rpm
modcookie-9.40-95.g8f24856.rb6.i686.rpm
navl-tools-4.3.0.35-0.247268873.ga345596.rb5.i686.rpm
perf-tools-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
red-firmware2-5038-0.248960247.ge6f33ce.rb1.noarch.rpm
red15-firmware-5038-0.248960497.g001f267.rb5.noarch.rpm
ruby-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
ruby-common-2.0-3.1.1.1614.gc24aad5.rb4.noarch.rpm
ruby-devel-2.2.6-0.247137817.g1cc0d1c.rb4.i686.rpm
rubygem-addressable-2.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-aws-sdk-v1-1.66.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-bundler-1.13.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-0.17.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-essentials-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-extras-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-fsm-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-pool-0.20.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-celluloid-supervision-0.20.6-0.250018781.g4af754f.rb2.i686.rpm
rubygem-crack-0.4.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-diff-lcs-1.2.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-docile-1.1.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-gem2rpm-0.11.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hashdiff-0.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-hitimes-1.2.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-json-1.8.3-0.250018781.g4af754f.rb2.i686.rpm
rubygem-little-plugger-1.1.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-logging-2.1.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-mini_portile2-2.0.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-multi_json-1.12.1-0.250018781.g4af754f.rb2.i686.rpm
rubygem-nokogiri-1.6.7.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pg-0.19.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-pidfile-0.3.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-public_suffix-2.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-retries-0.0.5-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-core-3.5.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-expectations-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-mocks-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-rspec-support-3.5.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-safe_yaml-1.0.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sequel-4.42.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-0.12.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-simplecov-html-0.10.0-0.250018781.g4af754f.rb2.i686.rpm
rubygem-sophos-iaas-1.0.0-0.250769404.g60829c0.i686.rpm
rubygem-thor-0.19.4-0.250018781.g4af754f.rb2.i686.rpm
rubygem-timers-4.1.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-webmock-2.3.2-0.250018781.g4af754f.rb2.i686.rpm
rubygem-yard-0.9.5-0.250018781.g4af754f.rb2.i686.rpm
sensors-3.3.0-2.7.13.1879.g9bdb96e.rb2.i686.rpm
ep-reporting-9.40-34.gca719d9.rb5.i686.rpm
ep-reporting-resources-9.40-34.gca719d9.rb5.i686.rpm
ep-branding-ASG-afg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-ang-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-asg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-atg-9.40-50.g1bcd426.noarch.rpm
ep-branding-ASG-aug-9.40-50.g1bcd426.noarch.rpm
ep-confd-9.40-930.g4eb9865.i686.rpm
ep-confd-tools-9.40-887.g340860a.rb11.i686.rpm
ep-cssd-9.40-27.gf72484e.rb3.i686.rpm
ep-ha-aws-9.40-375.g60829c0.noarch.rpm
ep-hardware-9.40-7.gaae91c6.rb4.i686.rpm
ep-hotspot-web-9.40-3.g05973ee.rb5.i686.rpm
ep-init-9.40-15.g16e98cd.rb4.noarch.rpm
ep-localization-afg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-ang-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-asg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-atg-9.40-32.g5661e6c.rb5.i686.rpm
ep-localization-aug-9.40-32.g5661e6c.rb5.i686.rpm
ep-mdw-9.40-530.g96292a8.rb10.i686.rpm
ep-repctl-0.1-0.247179648.g78524e5.rb6.i686.rpm
ep-restd-9.40-0.250015768.ge75b9db.rb2.i686.rpm
ep-sandboxd-9.40-0.249594584.gee03869.rb2.i686.rpm
ep-webadmin-9.40-794.g24b46b1.rb16.i686.rpm
ep-cloud-ec2-9.40-46.g5495907.rb3.i686.rpm
ep-chroot-smtp-9.40-121.g780e765.rb4.i686.rpm
chroot-ipsec-9.40-14.g5e2e541.rb3.i686.rpm
ep-httpproxy-9.40-392.gc2d236b.rb5.i686.rpm
kernel-smp-3.12.58-0.247785862.g17c1041.rb7.i686.rpm
kernel-smp64-3.12.58-0.247785862.g17c1041.rb7.x86_64.rpm
ep-release-9.410-6.noarch.rpm



This thread was automatically locked due to age.
  • Hi!

     

    Exactly the same for me, they told me to adjust my setting like you say. Yes it solves the problem, but Webadmin tells me, that Sandstorm is not working any more with this setting. So, not really a solution. Again, a very good example for development of software in live environments. I see it quite often, when Im looking at sophos´s work. it is always a good advice (if not really necessary) to wait at least 2 weeks or if you have a running system not to install the updates. Up to now I never had to reimage a device, but for me, it seems to get worse with the software development. Isn´t it like that, every release resolves some problems, but also creates new bugs?

     

    BR,

    Sebastian

  • I forgot to mention, that in my HA setup, the active node´s webadmin stopped working today. I even could get it working again by restarting the httpd daemon. I needed to reboot the master firewall. With the second node, the webadmin is working again....

     

    Was seeing this lines in httpd.log:

     

    httpd[10853]: [core:error] [pid 10853] [client 1.1.1.1:14953] Premature end of script headers: webadmin.plx, referer: https://myfirewall:4444/
    httpd[10853]: [core:error] [pid 10853] [client 1.1.1.1:14953] End of script output before headers: webadmin.plx, referer: https://myfirewall:4444/

  • Hi All,

    We are aware of the issue (NUTM-6747) and looking into this with huge priority.

    Thanks for patience

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • EXACTLY how was this release tested and Quality Assurance tested BEFORE it was released...

     

    Seriously this is bad ..

     

    I will be ringing al my Astaro/Sophos customers tomorrow hoping they have not already scheduled a UP2DATE

     

  • Hi,

     

    after Updating - it seems that Microsoft Active Sync is no longer working with the Sophos UTM ... my Android phone and also the tablet tells me no connection.

    Anyone else with this problem? Is it possible to roll back the last update?

     

    Regards

    Robert

  • Having the same issue as other users - mail sitting in the queue with "AV Scan pending" status.

    Have tried to set Single Scan & Avira - still seems to be hanging.

  • Hi All,

    Use Avira as AV Scanner. If Dual Scan is used, then switch off Dual scan and activate single scan with Avira. This is the workaround for this issue as of now. We are working on the fix.

    Thanks for the patience.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • sachingurung said:
    [...]We are working on the fix.[...]

    Do you have a release Data? - We got the same Problem -.-

  • Hi,

     

    could you please be a little more exact? Is this hint only ment regarding the smtp proxy or also for webproxy for example? What if somebody has configured dual scan in webproxy? I see my root partition filling up, but then it goes back and after filling up again, again and again.... Network Monitor+Device Agent are exiting recurringly. Something is strange.

     

     

    Regards

    Sebastian

  • Hi,

     

    sorry for my bad english. But in our company we have the Sophos UTM not for joke, it's the most improtant connection to our customers.

    And it's not the first time, firmware updates makes trouble.

    Please software developer create a simple button to restore a older firmware relaise.  

     

    Many thanks

    Juergen